Whilst cryptography may sound like some obscure and foreign concept, we rely on it every day to ensure that our information is secure.

Cryptography refers to the field of study of a range of concepts which are used to provide secure communication, including encryption, decryption, algorithms, computer programming and transmission technology.

The Australian Government providesGuidelines for Using Cryptography(the Guidelines), stating that the purpose of cryptography is to provide:

Encryption

Encryptionis the process of encoding a message with an algorithm and is one of the aspects of cryptography.

Encryption can be used in two key ways:

Cryptographic systems

Cryptographic systems are comprised of cryptographic equipment and keying material (data). The Guidelines provide advice on the storage and transportation of Commercial Grade Cryptographic Equipment (CGCE).

High Assurance Cryptographic Equipment(HACE) is used by organisations to protect highly classified information. Due to the sensitive nature of HACE, and the limited information publicly available on it, organisations must contact the Australian Cyber Security Centre (ACSC) before using it.

Cryptographic algorithms

Algorithms are one important component of cryptography and are key to the functioning of encryption. TheAustralian Signals Directorate(ASD) provides a list of approved cryptographic algorithms which have been extensively tested for resistance to attacks.

ASD approved cryptographic algorithms (AACAs) fall into three categories: asymmetric/public key algorithms, hashing algorithms and symmetric encryption algorithms. The differences between these algorithms are highly technical.

The Guidelines also provide a number of cryptographic algorithms for the protection of highly classified information such assecret and top secret information.

Cryptographic protocols

The Guidelines provide a list of approved cryptographic protocols which can be used with cryptographic equipment and software to secure information. The ASD approved cryptographic protocols (AACPs) are:

Further information on these AACPs is provided in the Guidelines.

Read the original post:
Cryptography 101: What are the mechanics of information security? - Lexology

Tuesday, February 18, 2020 9:07 a.m. EST

By George Georgiopoulos and Deborah Kyvrikosaios

ATHENS (Reuters) - A humanoid figure dressed as a maid holds a jug in its right hand and, as hidden gears click and whirr, lifts it and pours wine into a cup a bystander has placed into the palm of its left.

The robot is a recreation of the automatic servant of Philon, designed more than 2,200 years ago by a Greek engineer and operating though a complex mechanism of springs, weights and air pressure that also allowed it to dilute the alcohol with water.

It is the focal point of an exhibition of more than 100 inventions that highlight the vast extent of Ancient Greece's technological legacy and also features an analogue computer, an alarm clock and automatic fire doors.

"By just opening up the hood of a modern car, you will see bolts and nuts, screws, automatic pilots. All of these were just some of the inventions (pioneered)... by the ancient Greeks that were the building blocks of complex technology," said exhibition director Panagiotis Kotsanas.

The exhibits are explained with audio-visual material and detailed diagrams, and many are interactive.

The automatic doors of Heron of Alexandria were considered a miracle of the gods. Installed in a temple, they opened when a fire burned on its altar, to the awe of those spectating.

Viewed as a precursor of the computer, the 2,000-year-old Antikythera mechanism forecast astronomical and calendar events using gears and dials.

The philosopher Plato's alarm clock used a hydraulic system of ceramic jugs filled with water to 'ring' with a chirping sound at the desired time.

Other recreations include Polybolos, a repeating catapult capable of launching arrows in succession, examples of cryptography to send coded messages in times of war, and the Pyoulkos, a syringe used for injections and to remove pus.

The exhibition is on permanent display at the Kotsanas Museum of Ancient Greek Technology in central Athens.

(Reporting by George Georgiopoulos; writing and editing by John Stonestreet)

Originally posted here:
Robots, clocks and computers: How Ancient Greeks got there first - Midwest Communication

$280 billion rides on the proposition that cryptocurrency is impregnable. Maybe it isnt.

Machinery in an IBM quantum computing lab (photo by Seth Wenig)

Call it the singularity. One day, maybe a decade from now, a message flashes across the internet: Elliptic curves cracked!

Elliptic curve cryptography, or ECC, is the foundation beneath bitcoin. Wouldnt the discovery of a hole in this code destroy the currencyand take down any coin exchange?

I posed the question to Brian Armstrong, who co-founded and runs Coinbase, the largest U.S. crypto exchange. He cant prove that there wont be some mathematical shortcut compromising bitcoin keys. But he considers the risk low.

Ten years in, there's a ton of people who have looked at this code, he answered, in an interview at the Coinbase headquarters in San Francisco. It's a hundred-billion-dollar bounty. So I think that scenario is very unlikely.

Bitcoin plus the lesser currencies that compete with it amount to a $280 billion asset pile, a tempting target for bad guys. From bitcoins earliest days, hacks, cracks, hijacks, phishes, vishes, and social engineering have threatened it. So far the successful assaults on this industry have been around the edges; even the big heist at Mt. Gox did not kill cryptocurrency.

But what if thieves discover a fundamental vulnerability? It might be in the way the encryption works. It might be in the global network of computer nodes that track ownership of bitcoin. It might be in some aspect of crypto that no one is thinking much about.

Crypto players offer two answers to the question about cosmic risks. One is that the system might see an asteroid coming and take defensive measures. If bitcoins 11-year-old encryption proves to have a weak spot, the nodes could move en masse to a different protocol. They might be able to do this before any coins have been stolen. Alternatively, they could hark back to an earlier version of the blockchain that was in place before a theft; this is how the Ethereum chain partly undid some skulduggery involving the DAO venture capital fund.

The other answer, not entirely reassuring, is that a lot more than bitcoin is at stake. Says Philip Martin, head of security for Coinbase: A core math problem? Were talking the collapse of the internet. Trillions of dollars course through electronic networks protected with encryption. So, for what its worth, in the digital apocalypse an implosion of bitcoin would be the least of our concerns.

Lets now consider some of the weaknesses that envelop digital currency.

Bad implementation

Once upon a time Sony used elliptic curves to protect its PlayStation. In order to run, a game would have to provide a digital signature constructed from Sonys secret key, the same kind of key that protects your bitcoin. The signature routine uses, as one of its inputs, a different randomly chosen number for each validating signature.

Sony goofed, recycling the same number. It turns out that this enabled anyone possessing two legitimate games and a knowledge of high-school algebra to compute the secret key and run pirated games. Andrea Corbellini, a cryptographer who has explained the flaw, speculates that Sony might have been inspired by this Dilbert cartoon.

You might think that all such potholes were found long ago and repaired. But no. Recently the National Security Agency reported on a flaw in a Microsoft browser that made a mistake in delivering the digital signatures that verify websites as legitimate. ECC calls for using a specific starting point. The flaw enabled a website to slip in a different point. With just the right substitute, a malicious site could have forged a signature and stolen the password for your bank account.

Microsoft quickly patched the hole. But it makes you wonder. Could there be other holes in some or all of the software used to hold and transfer virtual currencies?

Crypto managers are on guard. Says Martin, the Coinbase security guy: I am much more scared of an implementation flaw in a library than I am of a flaw in the underlying math.

Some bitcoin owners, trying to manage their own coin wallets, have made the same mistake Sony did with its game console. Writes one security expert: A lot of Russian bitcoin hackers have coded bots to automatically grab coins from vulnerable addresses. Presumably you have nothing to worry about if you hire experts to manage your wallet.

Social engineering

A crook doesnt have to know algebra to steal bitcoin. Good acting might do it.

Jamie Armistead is a vice president at Early Warning, the bank consortium that runs the Zelle payments network. Is there a risk that someone will crack the encryption that protects the money coursing through Zelle? Answers Armistead: Its not hacking that keeps him awake at night. Its phishing, like the false email to the corporate treasurer.

Vishing, a variant of phishing involving voice commands, is a security risk. So is device hijacking, in which the thief gets control of your smartphone account. So are all manner of man-in-the-middle attacks, the electronic version of a football pass interception. Cybersecurity engineers constantly update communication protocols to prevent that. They can barely keep up.

Could a hoax on a grand scale cause a majority of bitcoin nodes to simultaneously make a fatal mistake? It would have to be rather byzantine. Its conceivable.

Mathematical hacks

Encryption methods in common use look secure, because they have been studied for many years by many people. But they are not provably secure. Someone might discover a way to tunnel into them.

Encryption works by scrambling numbers. One way to do that, in the scheme named RSA (after inventors Rivest, Shamir and Adleman) that is still widely used to secure sensitive data, involves exponentiation and modular arithmetic. When you multiply 4 by itself 3 times, 3 is the exponent and you get 64. In modulo 11, you divide this by 11 and consider only the remainder 9.

With small numbers like these, this is a meaningless exercise. But cryptography uses gigantic numbers, and those numbers get shuffled into a giant mess. To get a sense of this, try out the exponentiation/modular game on our small numbers: 2 turns into 8, 3 into 5, 4 into 9 and so on. The only way to unshuffle is to know a certain secret about the modulo. This secret relates to some mathematical formulas that go back a long ways. A 17th century Frenchman named Fermat played an important role.

The other big shuffling scheme is ECC. This involves the modular multiplying of not single numbers but pairs of them. Think of the pair as the coordinates on a map. The multiplying is weird: To double a pair, you dont just move it twice as far from the corner; you bounce it off an elliptic curve. This scrambles all the points on the map. In cryptography, the starting point is not merely doubled; it is multiplied by a gigantic number. This really scrambles the map. That giant number, kept secret, is the key that unlocks a bitcoin.

RSA and ECC both have this feature: Someone who possesses the secret can prove that he possesses it without revealing it.

These two protection schemes rely on the apparent difficulty of certain arithmetic tasks. In the case of RSA, its finding the two numbers that were multiplied together to arrive at the modulo; in the case of ECC, its dividing the end point by the starting point to determine the multiplier. Difficult means taking trillions of years of guesswork on a laptop.

Unless shortcuts are found. For RSA, a well-known shortcut to factoring numbers involves a number sieve. For ECC, theres a big step, little step algorithm that dramatically reduces the computation time. At this point, these tricks go only so far. The difficulty, for a key of a given size, might be measured in billions rather than trillions of years.

For reassurance about the safety of the crypto market and of internet commerce we go back to what Brian Armstrong said: There is a large incentive to find a killer shortcut, and evidently no one has found one. But there is no way to know that no vastly better tricks are about to be discovered.

Fermat, the French mathematician, conjectured a simple fact about exponents of numbers that looked true but couldnt be proved. For three centuries people labored to prove it and failed. And then one day not too long ago a proof was discovered. It relied, in part, on elliptic curves.

Quantum computers

Computers using quantum effects could, in theory, shrink the time for decoding an encrypted message from billions of years to hours. One such theory, for cracking RSA, dates to 1994.

In October Google sent a shiver through the cryptography world by announcing quantum supremacy. An experimental quantum device, the company said, did in 200 seconds what would have taken a conventional computer 10,000 years. Thats debatable; some researchers at IBM claimed that Google overstated the time difference by six orders of magnitude. Still, quantum computing is a threat.

Not an immediate one. The task in the Google experiment was designed specifically for the limited skills of quantum computing elements. These skills are a long way from those needed to crack codes. The 1994 algorithm is not in use because the hardware for it exists only on paper.

But ten years from now? We dont know where quantum computing will be.

Back door

For an encryption routine the anonymous creator(s) of bitcoin plucked an elliptic curve off the shelf. This curve was designed by the federal government. Were the parameters devilishly selected in a way to create mathematical vulnerabilities? Does the National Security Agency have a back door to your coins? Probably not. But you cannot be sure. Governments are not in sympathy with the anarchist philosophy underlying cryptocurrency.

Since cryptos creation, thousands of coins have been pilfered in hacks, scams and Ponzi schemes. These will continue. As for the big knockover, in which the whole system is taken down, we can say that the probability is low. But it is not zero.

Related story: Guide To Cryptocurrency Tax Rules

Corbellinis primer

Read the rest here:
Can All Of Bitcoin Be Hacked? - Forbes

WISeKey drives innovations in IoT security with 23 strategic patents in the U.S.

Geneva, Switzerland/New York, USA 18 February WISeKeyInternational Holding Ltd. (WISeKey NASDAQ: WKEY; SIX Swiss Exchange: WIHN), cybersecurity delivering Integrated Security Platforms, today announced that it has registered a total of 23 new strategic patents in U.S. which are essential to the digital transformation applications that are fueling the growth in the IoT market (see list of U.S. patentshere).

With a rich portfolio of more than 46 patent families, covering over 100 fundamental individual patents, and another 22 patents under review, WISeKey continues to expand its technology footprint in various domains including the design of secure chips, near field communication (NFC), the development of security firmware and backend software, the secure management of data, the improvement of security protocols between connected objects and advanced cryptography.

For WISeKey, adding to its patent portfolio and intellectual property is key to ensuring that the company remains a major player in the IoT industry for years to come, providing their customers with scientifically proven technology that differentiates and protects their products from counterfeiting, adds valuable supply-chain tracking features, and prevents the loss of sensitive enterprise and consumer data.

Innovation is at the core of everything we do at WISeKey, commented Carlos Moreira, WISeKeys CEO and Founder, which is why we directed more than 18% of our annual revenue in 2019 (or approximately $4.5million) to R&D expenses in an effort to keep our products ahead of bad actors who are using the expanding surface area of the IoT landscape to disrupt critical services and cause harm to consumers.

Digital transformation in the IoT market is opening up new applications that can improve the efficiencies of power grids, use NFC chips embedded on pharmaceutical labels to provide better quality healthcare, or secure autonomous vehicles but its also creating new security risks, each with its own set of challenges and consequences. Digital identities provided as part of the WISeKey Integrated Security Platforms act as the first line of defense in IoT security architectures by giving each object its own unique, immutable, identity that can be used for strong authentication of the device and encryption of sensitive data as it travels from the edge to the cloud.

If you spread the estimated 50 billion connected devices across the predicted world population of 6.8 billion in 2020, you will end up with more than 7 IoT devices per person. Add on top of that the massive amounts of data being generated by each device, over 2.3 zettabytes by 2035, and you can immediately see how big the IoT security market is for WISeKey and why the investment in developing market-leading technologies is critical for their continued success.

About WISeKey

WISeKey (NASDAQ: WKEY; SIX Swiss Exchange: WIHN) is a leading global cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT respecting the Human as the Fulcrum of the Internet. WISeKey microprocessors secure the pervasive computing shaping todays Internet of Everything. WISeKey IoT has an install base of over 1.5 billion microchips in virtually all IoT sectors (connected cars, smart cities, drones, agricultural sensors, anti-counterfeiting, smart lighting, servers, computers, mobile phones, crypto tokens etc.). WISeKey is uniquely positioned to be at the edge of IoT as our semiconductors produce a huge amount of Big Data that, when analyzed with Artificial Intelligence (AI), can help industrial applications to predict the failure of their equipment before it happens.

Our technology is Trusted by the OISTE/WISeKeys Swiss based cryptographic Root of Trust (RoT) provides secure authentication and identification, in both physical and virtual environments, for the Internet of Things, Blockchain and Artificial Intelligence. The WISeKey RoT serves as a common trust anchor to ensure the integrity of online transactions among objects and between objects and people. For more information, visitwww.wisekey.com.

Press and investor contacts:

Disclaimer:This communication expressly or implicitly contains certain forward-looking statements concerning WISeKey International Holding Ltd and its business. Such statements involve certain known and unknown risks, uncertainties and other factors, which could cause the actual results, financial condition, performance or achievements of WISeKey International Holding Ltd to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. WISeKey International Holding Ltd is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.

This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and it does not constitute an offering prospectus within the meaning of article 652a or article 1156 of the Swiss Code of Obligations or a listing prospectus within the meaning of the listing rules of the SIX Swiss Exchange. Investors must rely on their own evaluation of WISeKey and its securities, including the merits and risks involved. Nothing contained herein is, or shall be relied on as, a promise or representation as to the future performance of WISeKey.

Read more:
WISeKey Drives Innovations in IoT Security with 23 Strategic Patents in the U.S. - GlobeNewswire

Pneumologist Dr. Laura Crotty joined professors from seven different UC San Diego departments and more than a dozen biomedical professionals on Thursday, Feb. 6 at Muirlands Middle School to educate the sixth- through eighth-grade students in ways that go beyond the conventional career day. The annual Muirlands STEAM Day had students engaged in learning about a multitude of industries that use traditional skills in innovative ways.

Sponsored by the Muirlands Middle School Foundation, the STEAM event was created to inspire the kids in the areas of Science, Technology, Engineering, Arts and Mathematics, said co-organizer Jaqueline Fisk, a Muirlands parent, industrial engineer and former STEAM event speaker. We volunteer to inspire the kids to not label themselves and see how certain skills are applied in the real world.

The event differs from a typical career day in that organizers really shape it so theres a bit of vision, explained Anna DeAngelis, Fisks co-organizer and fellow Muirlands parent. DeAngelis said this year, the event had a biomed theme that aligns with La Jolla high schools new biomed path. This year, we have speakers who show how they apply school subjects directly to their work, she continued, explaining that four of the speakers use math daily a mathematician, cryptography expert, an accountant, and a math tutoring director. Three others a novelist, a journalist and a linguistics professor use English and languages in their jobs.

Another feature of the event that sets it apart from others, Fisk stated, is that she and DeAngelis work with the presenters on doing demonstrations and interactions to show Muirlands students that science can be an exciting career.

Sugar & Scribe head cake decorator Ray Vizcaino details the science behind his cakes.

(Elisabeth Frausto)

Event presenter Kathy Williams, who teaches psychology at UCSD, as well as practicing privately with Rady Childrens Hospital, said she sees a great need for an event such as this one, as it illuminates possibilities for kids: They learn about psychology tricks used in video gaming and other industries, which they find very interesting.

Shortly after Fisk welcomed the presenters in the school auditorium, Muirlands eighth-grader Solomon Weinstein spoke, thanking them for their time. He remarked that these presentations help guide him and his peers into the future, and give the roots of the tree the water they need to keep this country alive and healthy.

Seventh-grader Emma Weibel also thanked those in attendance for taking the time to help educate the next generation of this world.

In her speech, eighth-grader Austin Milligan recalled how one presenter last year inspired her to pursue the biomed path at La Jolla High, which will allow her to explore more medical-focused classes that align with her interests. Speaking about all the presenters, she declared: Its hard not to be inspired!

After Muirlands principal Geof Martin thanked the speakers for donating their time and skills, the presenters dispersed to various classrooms where they spoke during different periods, as students rotated through, attending three different classes.

In one classroom, Dr. Reid Meloy, a board-certified forensic psychologist, spoke about criminal psychology and investigating the motives for crimes. In the room next door, Jacques Verstraete, a UCSD mathematics professor, posed math riddles to the students. Artist Karen Deicas DePodesta offered a hands-on presentation in art as she distributed painting supplies, encouraging students to blend mathematical learning into their creations.

In another building, Sugar & Scribe head cake decorator shared his experiences on baking shows for the Food Network, regaling his audience with how he uses engineering principles, such as weight distribution, to create his higher-than-three-feet-tall cakes.

These stories, Fisk stated, are what make the Muirlands STEAM event so memorable. This is what interests the kids, she said. Its not just about the jobs, but about the presenters lives; the ups and downs of getting there.

Follow this link:
Full STEAM Ahead: Muirlands Career Day links learning to skills and jobs - La Jolla Light

IOHK, the software engineering company and lead developer of the Cardano blockchain, has today announced a donation of $500,000 in Cardanos native ADA cryptocurrency to the University of Wyomings (UW) Blockchain Research and Development Lab, in Laramie.

The donation will fund the research of practical applications of blockchain, including supply chain management, and proving the provenance of goods with automated smart contracts.

Wyoming is one of the worlds leading destinations for legislatively-enabled blockchain innovation due in large part to the work of theWyoming Blockchain Taskforceand other partners. The state has enacted a total of 13 blockchain-enabling laws, making it the only US state to provide a comprehensive, welcoming legal framework that enables blockchain technology to flourish, both for individuals and companies.

IOHKs $500,000 contribution will support UWs faculty and graduate students to develop practical applications for blockchain in real-world use cases. The company, that is built on peer-reviewed academic research is committed to the principle of open-source software development; such as hardware for cryptography, authentication, and measures against counterfeiting.

The real-world applications of blockchain are limitless and IOHKs donation of $500,000 in ADA, the native cryptocurrency of our Cardano blockchain platform to the University of Wyomings Blockchain Research and Development Lab will go some way toward realizing that potential and will help to bolster Wyomings burgeoning blockchain revolution. The Wyoming Blockchain Taskforces supportive business environment and the excellence of the University of Wyomings science research is what led IOHK to choose to invest here. We are incorporated here as a business and are very happy to play a small part in helping embed Wyomings position at the global heart of blockchain-based innovation. IOHK CEO, Charles Hoskinson

Since IOHK was founded in 2014, it has pioneered new territory in blockchain research, advancing industry knowledge with the work produced by its global team of cryptographers and researchers. The company is a research and development company and industry leader in the fields of cryptography and distributed systems. A growing network of academic partnerships supports its research and the Blockchain Technology Laboratory at the University of Edinburgh serves as the global headquarters for its various university collaborations.

The University of Wyoming is proud to be at the forefront of blockchain research and education, and we are grateful for this significant financial contribution from IOHK. This support will help us continue to move forward in a very exciting and promising field of innovation and discovery UW Acting President Neal Theobald

UWs Blockchain and Research Lab will graduate BS, MS and Ph.D. students who are fluent in the complexities of developing blockchain technology and, in particular, IOHKs functional programming languages and formal methods. The partnership will also investigate the design of ultra-low-power crypto-authentication chips for use in IoT systems and especially for applications that prove the provenance of manufactured goods.

Were immensely proud of the work the Task Force has achieved in making the state of Wyoming one of the worlds most attractive destinations for businesses looking to build innovative companies, developing real-world uses for blockchain technology. The Wyoming Legislature has already achieved several world firsts in passing an extensive series of laws supporting blockchain innovation and the use of cryptocurrencies, and were pleased to be able to continue that record. IOHKs $500,000 donation, in the native Cardano cryptocurrency, ADA, will not just fund research into real-world uses of blockchain technology, but will also develop Wyoming further as a talent hub for software engineers, trained in the most advanced software development methods in the world. Caitlin Long, former member of the Wyoming Blockchain Task Force

View original post here:
IOHK donates $500K in ADA to the Univ of Wyoming to drive blockchain use cases - CryptoNinjas